<?php
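ob_start("ob_gzhandler");
require ("include/bittorrent.php");
require_once ("include/user_functions.php");
require_once ("include/bbcode_functions.php");
// 0 - No debug; 1 - Show and run SQL query; 2 - Show SQL query only
// Keep at 0 on a live site: modes 1 and 2 print the assembled SQL into the page.
$DEBUG_MODE = 0;
dbconn();
maxcoder();
// Visitors who are not logged in get a fake "404 Not Found" page instead of a login prompt.
if (!logged_in()) {
    header("HTTP/1.0 404 Not Found");
    // modified logginorreturn by retro // Remember to change the following line to match your server
    // This branch runs before authentication. PHP_SELF carries any extra path text the
    // client appended after the script name, and SERVER_NAME may follow the Host header
    // depending on server configuration, so both are HTML-escaped before being printed.
    $shown_path = htmlspecialchars($_SERVER['PHP_SELF'], ENT_QUOTES);
    $shown_host = htmlspecialchars($_SERVER['SERVER_NAME'], ENT_QUOTES);
    print("<html><h1>Not Found</h1><p>The requested URL /{$shown_path} was not found on this server.</p><hr /><address>Apache/1.1.11 ".$SITENAME." Server at ".$shown_host." Port 80</address></body></html>\n");
    die();
}
// Moderators and above only.
// NOTE(review): this gate relies on stderr() ending the request; confirm in the include,
// otherwise the search below would still run for lower classes.
if (get_user_class() < UC_MODERATOR)
    stderr("Error", "Permission denied.");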

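stdhead("Administrative User Search");
echo "<h1>Administrative User Search</h1>\n";

// PHP_SELF includes any extra path text the client appended after the script name,
// so it is HTML-escaped (quotes included, the hrefs below are single-quoted) before use.
$self_link = htmlspecialchars($_SERVER["PHP_SELF"], ENT_QUOTES);

// ?h=1 shows the usage instructions; otherwise the Instructions / Reset links are shown.
// !empty() keeps the original truthiness test without a notice when h is absent.
if (!empty($_GET['h'])) {
    echo "<table width=65% border=0 align=center><tr><td class=embedded bgcolor='#777777'><div align=left>\n
	Fields left blank will be ignored;\n
	Wildcards * and ? may be used in Name, Email and Comments, as well as multiple values\n
	separated by spaces (e.g. 'wyz Max*' in Name will list both users named\n
	'wyz' and those whose names start by 'Max'. Similarly  '~' can be used for\n
	negation, e.g. '~alfiest' in comments will restrict the search to users\n
	that do not have 'alfiest' in their comments).<br><br>\n
    The Ratio field accepts 'Inf' and '---' besides the usual numeric values.<br><br>\n
	The subnet mask may be entered either in dotted decimal or CIDR notation\n
	(e.g. 255.255.255.0 is the same as /24).<br><br>\n
    Uploaded and Downloaded should be entered in GB.<br><br>\n
	For search parameters with multiple text fields the second will be\n
	ignored unless relevant for the type of search chosen. <br><br>\n
	'Active only' restricts the search to users currently leeching or seeding,\n
	'Disabled IPs' to those whose IPs also show up in disabled accounts.<br><br>\n
	The 'p' columns in the results show partial stats, that is, those\n
	of the torrents in progress. <br><br>\n
	The History column lists the number of forum posts and torrent comments,\n
	respectively, as well as linking to the history page.\n
	</div></td></tr></table><br><br>\n";
} else {
    echo "<p align=center>(<a href='" . $self_link . "?h=1'>Instructions</a>)";
    echo "&nbsp;-&nbsp;(<a href='" . $self_link . "'>Reset</a>)</p>\n";
}

// Cell attribute the search form uses to highlight fields that carry a value
$highlight = " bgcolor=#BBAF9B";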

?>

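<?php
// Every text field below is re-populated from the query string. The values are
// HTML-escaped once here so a crafted link cannot break out of the value="..."
// attributes. size/maxlength are browser hints only; they are not validation.
$form_val = array();
foreach (array('n', 'r', 'r2', 'em', 'ip', 'co', 'ma', 'd', 'd2', 'ul', 'ul2', 'ls', 'ls2', 'dl', 'dl2') as $form_key) {
    $form_val[$form_key] = (isset($_GET[$form_key]) && is_string($_GET[$form_key]))
        ? htmlspecialchars($_GET[$form_key], ENT_QUOTES)
        : '';
}
// Current choice of each drop-down / checkbox. These are only compared, never echoed.
$form_sel = array();
foreach (array('rt', 'st', 'as', 'c', 'dt', 'ult', 'do', 'lst', 'dlt', 'w', 'ac', 'dip') as $form_key) {
    $form_sel[$form_key] = isset($_GET[$form_key]) ? $_GET[$form_key] : null;
}
// PHP_SELF can carry client-supplied path text, so it is escaped and the attribute is quoted.
$form_action = htmlspecialchars($_SERVER["PHP_SELF"], ENT_QUOTES);
?>
<form method=get action="<?=$form_action?>">
<table border="1" cellspacing="0" cellpadding="5">
<tr>

  <td valign="middle" class=rowhead>Name:</td>
  <td<?=$form_val['n']?$highlight:""?>><input name="n" type="text" value="<?=$form_val['n']?>" size=35></td>

  <td valign="middle" class=rowhead>Ratio:</td>
  <td<?=$form_val['r']?$highlight:""?>><select name="rt">
    <?php
foreach (array("equal", "above", "below", "between") as $i => $opt_label) {
    echo "<option value=$i " . (($form_sel['rt'] == "$i")?"selected":"") . ">" . $opt_label . "</option>\n";
}

?>
    </select>
    <input name="r" type="text" value="<?=$form_val['r']?>" size="5" maxlength="4">
    <input name="r2" type="text" value="<?=$form_val['r2']?>" size="5" maxlength="4"></td>

  <td valign="middle" class=rowhead>Member status:</td>
  <td<?=$form_sel['st']?$highlight:""?>><select name="st">
    <?php
foreach (array("(any)", "confirmed", "pending") as $i => $opt_label) {
    echo "<option value=$i " . (($form_sel['st'] == "$i")?"selected":"") . ">" . $opt_label . "</option>\n";
}

?>
    </select></td></tr>
<tr><td valign="middle" class=rowhead>Email:</td>
  <td<?=$form_val['em']?$highlight:""?>><input name="em" type="text" value="<?=$form_val['em']?>" size="35"></td>
  <td valign="middle" class=rowhead>IP:</td>
  <td<?=$form_val['ip']?$highlight:""?>><input name="ip" type="text" value="<?=$form_val['ip']?>" maxlength="17"></td>

  <td valign="middle" class=rowhead>Account status:</td>
  <td<?=$form_sel['as']?$highlight:""?>><select name="as">
    <?php
foreach (array("(any)", "enabled", "disabled") as $i => $opt_label) {
    echo "<option value=$i " . (($form_sel['as'] == "$i")?"selected":"") . ">" . $opt_label . "</option>\n";
}

?>
    </select></td></tr>
<tr>
  <td valign="middle" class=rowhead>Comment:</td>
  <td<?=$form_val['co']?$highlight:""?>><input name="co" type="text" value="<?=$form_val['co']?>" size="35"></td>
  <td valign="middle" class=rowhead>Mask:</td>
  <td<?=$form_val['ma']?$highlight:""?>><input name="ma" type="text" value="<?=$form_val['ma']?>" maxlength="17"></td>
  <td valign="middle" class=rowhead>Class:</td>
  <td<?=($form_sel['c'] && $form_sel['c'] != 1)?$highlight:""?>><select name="c"><option value='1'>(any)</option>
  <?php
// The c parameter is the class number plus 2 (1 means "any"); option values start at 2.
$class = $form_sel['c'];
if (!is_valid_id($class))
    $class = '';
// Walk the class names until get_user_class_name() returns nothing for the next index.
for ($i = 2;;++$i) {
    if ($c = get_user_class_name($i-2))
        print("<option value=" . $i . ($class && $class == $i? " selected" : "") . ">$c</option>\n");
    else
        break;
}

?>
    </select></td></tr>
<tr>

    <td valign="middle" class=rowhead>Joined:</td>

  <td<?=$form_val['d']?$highlight:""?>><select name="dt">
    <?php
foreach (array("on", "before", "after", "between") as $i => $opt_label) {
    echo "<option value=$i " . (($form_sel['dt'] == "$i")?"selected":"") . ">" . $opt_label . "</option>\n";
}

?>
    </select>

    <input name="d" type="text" value="<?=$form_val['d']?>" size="12" maxlength="10">

    <input name="d2" type="text" value="<?=$form_val['d2']?>" size="12" maxlength="10"></td>


  <td valign="middle" class=rowhead>Uploaded:</td>

  <td<?=$form_val['ul']?$highlight:""?>><select name="ult" id="ult">
    <?php
foreach (array("equal", "above", "below", "between") as $i => $opt_label) {
    echo "<option value=$i " . (($form_sel['ult'] == "$i")?"selected":"") . ">" . $opt_label . "</option>\n";
}

?>
    </select>

    <input name="ul" type="text" id="ul" size="8" maxlength="7" value="<?=$form_val['ul']?>">

    <input name="ul2" type="text" id="ul2" size="8" maxlength="7" value="<?=$form_val['ul2']?>"></td>
  <td valign="middle" class="rowhead">Donor:</td>

  <td<?=$form_sel['do']?$highlight:""?>><select name="do">
    <?php
foreach (array("(any)", "Yes", "No") as $i => $opt_label) {
    echo "<option value=$i " . (($form_sel['do'] == "$i")?"selected":"") . ">" . $opt_label . "</option>\n";
}

?>
	</select></td></tr>
<tr>

<td valign="middle" class=rowhead>Last seen:</td>

  <td <?=$form_val['ls']?$highlight:""?>><select name="lst">
  <?php
foreach (array("on", "before", "after", "between") as $i => $opt_label) {
    echo "<option value=$i " . (($form_sel['lst'] == "$i")?"selected":"") . ">" . $opt_label . "</option>\n";
}

?>
  </select>

  <input name="ls" type="text" value="<?=$form_val['ls']?>" size="12" maxlength="10">

  <input name="ls2" type="text" value="<?=$form_val['ls2']?>" size="12" maxlength="10"></td>
	  <td valign="middle" class=rowhead>Downloaded:</td>

  <td<?=$form_val['dl']?$highlight:""?>><select name="dlt" id="dlt">
  <?php
foreach (array("equal", "above", "below", "between") as $i => $opt_label) {
    echo "<option value=$i " . (($form_sel['dlt'] == "$i")?"selected":"") . ">" . $opt_label . "</option>\n";
}

?>
    </select>

    <input name="dl" type="text" id="dl" size="8" maxlength="7" value="<?=$form_val['dl']?>">

    <input name="dl2" type="text" id="dl2" size="8" maxlength="7" value="<?=$form_val['dl2']?>"></td>

	<td valign="middle" class=rowhead>Warned:</td>

	<td<?=$form_sel['w']?$highlight:""?>><select name="w">
  <?php
foreach (array("(any)", "Yes", "No") as $i => $opt_label) {
    echo "<option value=$i " . (($form_sel['w'] == "$i")?"selected":"") . ">" . $opt_label . "</option>\n";
}

?>
	</select></td></tr>

<tr><td class="rowhead"></td><td></td>
  <td valign="middle" class=rowhead>Active only:</td>
	<td<?=$form_sel['ac']?$highlight:""?>><input name="ac" type="checkbox" value="1" <?=($form_sel['ac'])?"checked":"" ?>></td>
  <td valign="middle" class=rowhead>Disabled IP: </td>
  <td<?=$form_sel['dip']?$highlight:""?>><input name="dip" type="checkbox" value="1" <?=($form_sel['dip'])?"checked":"" ?>></td>
  </tr>
<tr><td colspan="6" align=center><input name="submit" type=submit class=btn></td></tr>
</table>
<br><br>
</form>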

<?php
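// Validates a date in the form [yy]yy-mm-dd (a '/' separator is accepted as well).
// Returns the date normalised to "Y-m-d" if valid, 0 otherwise.
// The return value is always produced by date(), never the caller's own text; the
// search code places it inside quoted SQL literals and relies on that.
function mkdate($date)
{
    if (!is_string($date))
        return 0;
    // As before, a separator at position 0 does not count ('-' is tried first).
    if (strpos($date, '-'))
        $separator = '-';
    elseif (strpos($date, '/'))
        $separator = '/';
    else
        return 0;
    $a = explode($separator, $date);
    // Exactly year, month, day: trailing extra components are rejected instead of ignored.
    if (count($a) != 3)
        return 0;
    // Plain digits only; is_numeric() also let through forms such as "1e1" or "1.5".
    foreach ($a as $part)
        if (!ctype_digit($part))
            return 0;
    $year = (int) $a[0];
    $month = (int) $a[1];
    $day = (int) $a[2];
    if (!checkdate($month, $day, $year))
        return 0;
    // mktime() expands two-digit years, which is what makes the [yy] form work.
    return date("Y-m-d", mktime(0, 0, 0, $month, $day, $year));
}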
// Formats an upload/download pair as a ratio string: two decimals when something
// was downloaded, "Inf." for upload without download, "---" when both are empty.
// With $color set, the number is wrapped in a <font> tag coloured by get_ratio_color().
function ratios($up, $down, $color = true)
{
    // No download recorded: there is no quotient to show
    if (!($down > 0))
        return ($up > 0) ? "Inf." : "---";

    $formatted = number_format($up / $down, 2);
    if (!$color)
        return $formatted;
    return "<font color=" . get_ratio_color($formatted) . ">$formatted</font>";
}
// Reports whether $text contains one of the search wildcards * and ?,
// or one of the MySQL LIKE wildcards % and _.
function haswildcard($text)
{
    foreach (array('*', '?', '%', '_') as $wildcard) {
        if (strpos($text, $wildcard) !== false)
            return true;
    }
    return false;
}
// /////////////////////////////////////////////////////////////////////////////
if (count($_GET) > 0 && !$_GET['h']) {
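    // Accumulators for the WHERE clause, the joins, the DISTINCT flag and the pager
    // query string. They are reset here so that nothing set earlier in the request can
    // leak into the SQL or the pager URL (on old PHP set-ups with register_globals a
    // request parameter of the same name would pre-seed them; whether that setting is
    // on cannot be seen from this file). null rather than "" because the sections
    // below use isset() to decide whether a leading " AND " is needed.
    $where_is = null;
    $join_is = null;
    $distinct = null;
    $q = null;
    // name
    $name_input = (isset($_GET['n']) && is_string($_GET['n'])) ? trim($_GET['n']) : '';
    $names = explode(' ', $name_input);
    if ($names[0] !== "") {
        // Split the terms into inclusions and '~'-prefixed exclusions
        $names_inc = array();
        $names_exc = array();
        foreach ($names as $name) {
            if (substr($name, 0, 1) == '~') {
                if ($name == '~') continue;
                $names_exc[] = substr($name, 1);
            } else
                $names_inc[] = $name;
        }

        // Same clause builder for both groups; only the opening text differs.
        $name_groups = array(
            array($names_inc, " AND (", "("),
            array($names_exc, " AND NOT (", " NOT ("),
        );
        foreach ($name_groups as $name_group) {
            list($terms, $open_joined, $open_first) = $name_group;
            if (!$terms)
                continue;
            $clauses = array();
            foreach ($terms as $term) {
                // Exact match, or LIKE with ? and * mapped to the SQL wildcards.
                // The term always passes through sqlesc() before it reaches the query.
                if (haswildcard($term))
                    $clauses[] = "u.username LIKE " . sqlesc(str_replace(array('?', '*'), array('_', '%'), $term));
                else
                    $clauses[] = "u.username = " . sqlesc($term);
            }
            $where_is .= (isset($where_is) ? $open_joined : $open_first) . implode(" OR ", $clauses) . ")";
        }
        $q .= ($q ? "&amp;" : "") . "n=" . urlencode($name_input);
    }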
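    // email
    $email_input = (isset($_GET['em']) && is_string($_GET['em'])) ? trim($_GET['em']) : '';
    $emaila = explode(' ', $email_input);
    if ($emaila[0] !== "") {
        // Clauses are collected in a fresh local array rather than appended to a
        // never-initialised string, so nothing set earlier in the request can end
        // up in front of them.
        $email_clauses = array();
        foreach ($emaila as $email) {
            // '_' does not mark a pattern here, unlike in haswildcard()
            // (presumably because it is common in real addresses).
            if (strpos($email, '*') === false && strpos($email, '?') === false && strpos($email, '%') === false) {
                // A term without wildcards must be a well-formed address
                if (validemail($email) !== 1) {
                    stdmsg("Error", "Bad email.");
                    stdfoot();
                    die();
                }
                $email_clauses[] = "u.email =" . sqlesc($email);
            } else {
                $sql_email = str_replace(array('?', '*'), array('_', '%'), $email);
                $email_clauses[] = "u.email LIKE " . sqlesc($sql_email);
            }
        }
        $where_is .= (isset($where_is)?" AND (":"(") . implode(" OR ", $email_clauses) . ")";
        $q .= ($q ? "&amp;" : "") . "em=" . urlencode($email_input);
    }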
    // class
    // NB: the c parameter arrives two units above the real class number.
    // The subtraction turns the request value into a PHP number, so what gets
    // interpolated into the SQL below is never the raw request text.
    $class = $_GET['c'] - 2;
    $class_selected = is_valid_id($class + 1);
    if ($class_selected) {
        $class_clause = "u.class=$class";
        $where_is .= isset($where_is) ? " AND " . $class_clause : $class_clause;
        $q .= ($q ? "&amp;" : "") . "c=" . ($class + 2);
    }
    // IP
    $ip = trim($_GET['ip']);
    if ($ip) {
        // Dotted-quad matcher. $ip and $mask are placed inside quoted SQL literals and
        // into the pager URL without any further escaping, so this pattern (applied
        // to the trimmed value) is the only barrier for both.
        $regex = "/^(((1?\d{1,2})|(2[0-4]\d)|(25[0-5]))(\.\b|$)){4}$/";
        if (!preg_match($regex, $ip)) {
            stdmsg("Error", "Bad IP.");
            stdfoot();
            die();
        }

        $mask = trim($_GET['ma']);
        $single_address = ($mask == "" || $mask == "255.255.255.255");
        if ($single_address) {
            $where_is .= (isset($where_is)?" AND ":"") . "u.ip = '$ip'";
        } else {
            $is_cidr = (substr($mask, 0, 1) == "/");
            if ($is_cidr) {
                // CIDR form: convert the prefix length into a dotted-decimal mask
                $n = substr($mask, 1, strlen($mask) - 1);
                $bits_ok = is_numeric($n) && !($n < 0) && !($n > 32);
                if (!$bits_ok) {
                    stdmsg("Error", "Bad subnet mask.");
                    stdfoot();
                    die();
                }
                $mask = long2ip(pow(2, 32) - pow(2, 32 - $n));
            } elseif (!preg_match($regex, $mask)) {
                stdmsg("Error", "Bad subnet mask.");
                stdfoot();
                die();
            }
            // Compare the network parts of the stored and the requested address
            $mask_sql = "INET_ATON('$mask')";
            $where_is .= (isset($where_is)?" AND ":"") . "INET_ATON(u.ip) & " . $mask_sql . " = INET_ATON('$ip') & " . $mask_sql;
            $q .= ($q ? "&amp;" : "") . "ma=$mask";
        }
        $q .= ($q ? "&amp;" : "") . "ip=$ip";
    }
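    // ratio
    // Every value copied into $q is urlencode()d: $q is joined with &amp; and handed
    // to pager(), which presumably writes it into link hrefs. Before, the search type
    // and anything typed after "inf" reached that URL exactly as sent by the client.
    $ratio = (isset($_GET['r']) && is_string($_GET['r'])) ? trim($_GET['r']) : '';
    if ($ratio) {
        if ($ratio == '---') {
            // Nothing uploaded, nothing downloaded
            $ratio2 = "";
            $where_is .= isset($where_is)?" AND ":"";
            $where_is .= " u.uploaded = 0 and u.downloaded = 0";
        } elseif (strtolower(substr($ratio, 0, 3)) == 'inf') {
            // Only the first three characters are checked; the rest of the text never
            // reaches the SQL, but it does reach the pager URL below.
            $ratio2 = "";
            $where_is .= isset($where_is)?" AND ":"";
            $where_is .= " u.uploaded > 0 and u.downloaded = 0";
        } else {
            // is_numeric() is the only check before $ratio is written unquoted into the SQL
            if (!is_numeric($ratio) || $ratio < 0) {
                stdmsg("Error", "Bad ratio.");
                stdfoot();
                die();
            }
            $where_is .= isset($where_is)?" AND ":"";
            $where_is .= " (u.uploaded/u.downloaded)";
            // Search type: 1 above, 2 below, 3 between, anything else means "equal"
            $ratiotype = (isset($_GET['rt']) && is_string($_GET['rt'])) ? $_GET['rt'] : '';
            $q .= ($q ? "&amp;" : "") . "rt=" . urlencode($ratiotype);
            if ($ratiotype == "3") {
                $ratio2 = (isset($_GET['r2']) && is_string($_GET['r2'])) ? trim($_GET['r2']) : '';
                if (!$ratio2) {
                    stdmsg("Error", "Two ratios needed for this type of search.");
                    stdfoot();
                    die();
                }
                if (!is_numeric($ratio2) or $ratio2 < $ratio) {
                    stdmsg("Error", "Bad second ratio.");
                    stdfoot();
                    die();
                }
                $where_is .= " BETWEEN $ratio and $ratio2";
                $q .= ($q ? "&amp;" : "") . "r2=" . urlencode($ratio2);
            } elseif ($ratiotype == "2")
                $where_is .= " < $ratio";
            elseif ($ratiotype == "1")
                $where_is .= " > $ratio";
            else
                // "equal" tolerates the rounding of the two-decimal display
                $where_is .= " BETWEEN ($ratio - 0.004) and ($ratio + 0.004)";
        }
        $q .= ($q ? "&amp;" : "") . "r=" . urlencode($ratio);
    }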
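    // comment
    $comment_input = (isset($_GET['co']) && is_string($_GET['co'])) ? trim($_GET['co']) : '';
    $comments = explode(' ', $comment_input);
    if ($comments[0] !== "") {
        // Split the terms into inclusions and '~'-prefixed exclusions
        $comments_inc = array();
        $comments_exc = array();
        foreach ($comments as $comment) {
            if (substr($comment, 0, 1) == '~') {
                if ($comment == '~') continue;
                $comments_exc[] = substr($comment, 1);
            } else
                $comments_inc[] = $comment;
        }

        // Same clause builder for both groups; only the opening text differs.
        // Clauses are gathered in a fresh local array instead of a never-initialised
        // string, so nothing set earlier in the request can end up in front of them.
        $comment_groups = array(
            array($comments_inc, " AND (", "("),
            array($comments_exc, " AND NOT (", " NOT ("),
        );
        foreach ($comment_groups as $comment_group) {
            list($terms, $open_joined, $open_first) = $comment_group;
            if (!$terms)
                continue;
            $clauses = array();
            foreach ($terms as $term) {
                // A plain term is a substring match; a term with wildcards is used as
                // the whole pattern. Either way it passes through sqlesc().
                if (haswildcard($term))
                    $clauses[] = "u.modcomment LIKE " . sqlesc(str_replace(array('?', '*'), array('_', '%'), $term));
                else
                    $clauses[] = "u.modcomment LIKE " . sqlesc("%" . $term . "%");
            }
            $where_is .= (isset($where_is) ? $open_joined : $open_first) . implode(" OR ", $clauses) . ")";
        }
        $q .= ($q ? "&amp;" : "") . "co=" . urlencode($comment_input);
    }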

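    $unit = 1073741824; // 1GB

    // Uploaded and downloaded amounts are entered in GB and compared in bytes.
    // Every value copied into $q is urlencode()d: $q is joined with &amp; and handed to
    // pager(), which presumably writes it into link hrefs. Before, the search-type
    // parameters (ult, dlt) reached that URL exactly as sent by the client.

    // uploaded
    $ul = (isset($_GET['ul']) && is_string($_GET['ul'])) ? trim($_GET['ul']) : '';
    if ($ul) {
        // is_numeric() is the only check before the amount is used in the SQL arithmetic
        if (!is_numeric($ul) || $ul < 0) {
            stdmsg("Error", "Bad uploaded amount.");
            stdfoot();
            die();
        }
        $where_is .= isset($where_is)?" AND ":"";
        $where_is .= " u.uploaded ";
        // Search type: 1 above, 2 below, 3 between, anything else means "equal"
        $ultype = (isset($_GET['ult']) && is_string($_GET['ult'])) ? $_GET['ult'] : '';
        $q .= ($q ? "&amp;" : "") . "ult=" . urlencode($ultype);
        if ($ultype == "3") {
            $ul2 = (isset($_GET['ul2']) && is_string($_GET['ul2'])) ? trim($_GET['ul2']) : '';
            if (!$ul2) {
                stdmsg("Error", "Two uploaded amounts needed for this type of search.");
                stdfoot();
                die();
            }
            if (!is_numeric($ul2) or $ul2 < $ul) {
                stdmsg("Error", "Bad second uploaded amount.");
                stdfoot();
                die();
            }
            $where_is .= " BETWEEN " . $ul * $unit . " and " . $ul2 * $unit;
            $q .= ($q ? "&amp;" : "") . "ul2=" . urlencode($ul2);
        } elseif ($ultype == "2")
            $where_is .= " < " . $ul * $unit;
        elseif ($ultype == "1")
            $where_is .= " >" . $ul * $unit;
        else
            $where_is .= " BETWEEN " . ($ul - 0.004) * $unit . " and " . ($ul + 0.004) * $unit;
        $q .= ($q ? "&amp;" : "") . "ul=" . urlencode($ul);
    }
    // downloaded
    $dl = (isset($_GET['dl']) && is_string($_GET['dl'])) ? trim($_GET['dl']) : '';
    if ($dl) {
        if (!is_numeric($dl) || $dl < 0) {
            stdmsg("Error", "Bad downloaded amount.");
            stdfoot();
            die();
        }
        $where_is .= isset($where_is)?" AND ":"";
        $where_is .= " u.downloaded ";
        $dltype = (isset($_GET['dlt']) && is_string($_GET['dlt'])) ? $_GET['dlt'] : '';
        $q .= ($q ? "&amp;" : "") . "dlt=" . urlencode($dltype);
        if ($dltype == "3") {
            $dl2 = (isset($_GET['dl2']) && is_string($_GET['dl2'])) ? trim($_GET['dl2']) : '';
            if (!$dl2) {
                stdmsg("Error", "Two downloaded amounts needed for this type of search.");
                stdfoot();
                die();
            }
            if (!is_numeric($dl2) or $dl2 < $dl) {
                stdmsg("Error", "Bad second downloaded amount.");
                stdfoot();
                die();
            }
            $where_is .= " BETWEEN " . $dl * $unit . " and " . $dl2 * $unit;
            $q .= ($q ? "&amp;" : "") . "dl2=" . urlencode($dl2);
        } elseif ($dltype == "2")
            $where_is .= " < " . $dl * $unit;
        elseif ($dltype == "1")
            $where_is .= " > " . $dl * $unit;
        else
            $where_is .= " BETWEEN " . ($dl - 0.004) * $unit . " and " . ($dl + 0.004) * $unit;
        $q .= ($q ? "&amp;" : "") . "dl=" . urlencode($dl);
    }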
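    // date joined
    $date = (isset($_GET['d']) && is_string($_GET['d'])) ? trim($_GET['d']) : '';
    if ($date) {
        // From here on $date is mkdate()'s own Y-m-d output, not the request text;
        // that is what allows it inside the quoted SQL literals below.
        if (!$date = mkdate($date)) {
            stdmsg("Error", "Invalid date.");
            stdfoot();
            die();
        }
        $q .= ($q ? "&amp;" : "") . "d=$date";
        // Search type: 0 on, 1 before, 2 after, 3 between. It is urlencode()d on its
        // way into $q, which pager() presumably writes into link hrefs.
        $datetype = (isset($_GET['dt']) && is_string($_GET['dt'])) ? $_GET['dt'] : '';
        $q .= ($q ? "&amp;" : "") . "dt=" . urlencode($datetype);
        $and = isset($where_is) ? " AND " : "";
        if ($datetype == "0") {
            // For mySQL 4.1.1 or above use instead
            // $where_is .= (isset($where_is)?" AND ":"")."DATE(added) = DATE('$date')";
            // The column is qualified with u. because the "Disabled IP" search joins
            // users a second time, which made a bare `added` ambiguous.
            $where_is .= $and . "(UNIX_TIMESTAMP(u.added) - UNIX_TIMESTAMP('$date')) BETWEEN 0 and 86400";
        } elseif ($datetype == "3") {
            $date2_input = (isset($_GET['d2']) && is_string($_GET['d2'])) ? trim($_GET['d2']) : '';
            $date2 = mkdate($date2_input);
            if (!$date2) {
                stdmsg("Error", "Two dates needed for this type of search.");
                stdfoot();
                die();
            }
            $q .= ($q ? "&amp;" : "") . "d2=$date2";
            $where_is .= $and . "u.added BETWEEN '$date' and '$date2'";
        } elseif ($datetype == "1")
            $where_is .= $and . "u.added < '$date'";
        elseif ($datetype == "2")
            $where_is .= $and . "u.added > '$date'";
        else {
            // An unknown type used to leave a dangling "u.added " in the WHERE clause
            // and surface as a SQL error; it is rejected up front instead.
            stdmsg("Error", "Invalid date search type.");
            stdfoot();
            die();
        }
    }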
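    // date last seen
    $last = (isset($_GET['ls']) && is_string($_GET['ls'])) ? trim($_GET['ls']) : '';
    if ($last) {
        // From here on $last is mkdate()'s own Y-m-d output, not the request text;
        // that is what allows it inside the quoted SQL literals below.
        if (!$last = mkdate($last)) {
            stdmsg("Error", "Invalid date.");
            stdfoot();
            die();
        }
        $q .= ($q ? "&amp;" : "") . "ls=$last";
        // Search type: 0 on, 1 before, 2 after, 3 between. It is urlencode()d on its
        // way into $q, which pager() presumably writes into link hrefs.
        $lasttype = (isset($_GET['lst']) && is_string($_GET['lst'])) ? $_GET['lst'] : '';
        $q .= ($q ? "&amp;" : "") . "lst=" . urlencode($lasttype);
        $and = isset($where_is) ? " AND " : "";
        if ($lasttype == "0") {
            // For mySQL 4.1.1 or above use instead
            // $where_is .= (isset($where_is)?" AND ":"")."DATE(last_access) = DATE('$last')";
            // The column is qualified with u. because the "Disabled IP" search joins
            // users a second time, which made a bare `last_access` ambiguous.
            $where_is .= $and . "(UNIX_TIMESTAMP(u.last_access) - UNIX_TIMESTAMP('$last')) BETWEEN 0 and 86400";
        } elseif ($lasttype == "3") {
            $last2_input = (isset($_GET['ls2']) && is_string($_GET['ls2'])) ? trim($_GET['ls2']) : '';
            $last2 = mkdate($last2_input);
            if (!$last2) {
                stdmsg("Error", "The second date is not valid.");
                stdfoot();
                die();
            }
            $where_is .= $and . "u.last_access BETWEEN '$last' and '$last2'";
            $q .= ($q ? "&amp;" : "") . "ls2=$last2";
        } elseif ($lasttype == "1")
            $where_is .= $and . "u.last_access < '$last'";
        elseif ($lasttype == "2")
            $where_is .= $and . "u.last_access > '$last'";
        else {
            // An unknown type used to leave a dangling "u.last_access " in the WHERE
            // clause and surface as a SQL error; it is rejected up front instead.
            stdmsg("Error", "Invalid date search type.");
            stdfoot();
            die();
        }
    }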
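    // The flags below only select between fixed SQL fragments, so none of the request
    // text reaches the query. It did reach the pager URL unencoded, though; each value
    // is now urlencode()d before it is added to $q.

    // status
    $status = (isset($_GET['st']) && is_string($_GET['st'])) ? $_GET['st'] : '';
    if ($status) {
        $where_is .= ((isset($where_is))?" AND ":"");
        if ($status == "1")
            $where_is .= "u.status = 'confirmed'";
        else
            $where_is .= "u.status = 'pending'";
        $q .= ($q ? "&amp;" : "") . "st=" . urlencode($status);
    }
    // account status
    $accountstatus = (isset($_GET['as']) && is_string($_GET['as'])) ? $_GET['as'] : '';
    if ($accountstatus) {
        $where_is .= (isset($where_is))?" AND ":"";
        if ($accountstatus == "1")
            $where_is .= " u.enabled = 'yes'";
        else
            $where_is .= " u.enabled = 'no'";
        $q .= ($q ? "&amp;" : "") . "as=" . urlencode($accountstatus);
    }
    // donor
    $donor = (isset($_GET['do']) && is_string($_GET['do'])) ? $_GET['do'] : '';
    if ($donor) {
        $where_is .= (isset($where_is))?" AND ":"";
        if ($donor == 1)
            $where_is .= " u.donor = 'yes'";
        else
            $where_is .= " u.donor = 'no'";
        $q .= ($q ? "&amp;" : "") . "do=" . urlencode($donor);
    }
    // warned
    $warned = (isset($_GET['w']) && is_string($_GET['w'])) ? $_GET['w'] : '';
    if ($warned) {
        $where_is .= (isset($where_is))?" AND ":"";
        if ($warned == 1)
            $where_is .= " u.warned = 'yes'";
        else
            $where_is .= " u.warned = 'no'";
        $q .= ($q ? "&amp;" : "") . "w=" . urlencode($warned);
    }
    // disabled IP: users whose IP also belongs to a disabled account
    $disabled = (isset($_GET['dip']) && is_string($_GET['dip'])) ? $_GET['dip'] : '';
    if ($disabled) {
        $distinct = "DISTINCT ";
        $join_is .= " LEFT JOIN users AS u2 ON u.ip = u2.ip";
        $where_is .= ((isset($where_is))?" AND ":"") . "u2.enabled = 'no'";
        $q .= ($q ? "&amp;" : "") . "dip=" . urlencode($disabled);
    }
    // active: users with at least one row in peers
    $active = (isset($_GET['ac']) && is_string($_GET['ac'])) ? $_GET['ac'] : '';
    if ($active == "1") {
        $distinct = "DISTINCT ";
        // INNER JOIN, not LEFT JOIN: with no condition on p, a LEFT JOIN kept every
        // user and "Active only" restricted nothing.
        $join_is .= " INNER JOIN peers AS p ON u.id = p.userid";
        $q .= ($q ? "&amp;" : "") . "ac=" . urlencode($active);
    }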

    // Build the COUNT query and the row query from the same FROM / WHERE pieces.
    $from_is = "users AS u" . $join_is;
    if (!isset($distinct))
        $distinct = "";

    if ($where_is == "") {
        $where_for_count = "";
        $where_for_rows = " ";
    } else {
        $where_for_count = " WHERE $where_is ";
        $where_for_rows = " WHERE $where_is ";
    }

    $queryc = "SELECT COUNT(" . $distinct . "u.id) FROM " . $from_is . $where_for_count;

    // FROM/WHERE fragment shared with the row query
    $querypm = "FROM " . $from_is . $where_for_rows;

    $select_is = "u.id, u.username, u.email, u.status, u.added, u.last_access, u.ip,
  	u.class, u.uploaded, u.downloaded, u.donor, u.modcomment, u.enabled, u.warned";

    $query = "SELECT " . $distinct . " " . $select_is . " " . $querypm;
    // <temporary>    /////////////////////////////////////////////////////
    // Debug output: prints both queries and the pager query string into the page.
    // Mode 2 stops here without running anything.
    if ($DEBUG_MODE > 0) {
        stdmsg("Count Query", $queryc);
        echo "<BR><BR>";
        stdmsg("Search Query", $query);
        echo "<BR><BR>";
        stdmsg("URL ", $q);
        if ($DEBUG_MODE == 2) {
            die();
        }
        echo "<BR><BR>";
    }
    // </temporary>   /////////////////////////////////////////////////////
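    // Run the COUNT query first so the pager knows how many pages there are
    $res = mysql_query($queryc) or sqlerr();
    $arr = mysql_fetch_row($res);
    $count = $arr[0];

    $q = isset($q)?($q . "&amp;"):"";

    $perpage = 30;

    // $q is already HTML-encoded (&amp; separators), so only the script path is escaped
    // here. pager() is assumed to write this prefix into its links as given.
    list($pagertop, $pagerbottom, $limit) = pager($perpage, $count, htmlspecialchars($_SERVER["PHP_SELF"], ENT_QUOTES) . "?" . $q);

    $query .= $limit;

    $res = mysql_query($query) or sqlerr();

    if (mysql_num_rows($res) == 0)
        stdmsg("Warning", "No user was found.");
    else {
        if ($count > $perpage)
            echo $pagertop;
        echo "<table border=1 cellspacing=0 cellpadding=5>\n";
        echo "<tr><td class=colhead align=left>Name</td>
    		<td class=colhead align=left>Ratio</td>
        <td class=colhead align=left>IP</td>
        <td class=colhead align=left>Email</td>" . "<td class=colhead align=left>Joined:</td>" . "<td class=colhead align=left>Last seen:</td>" . "<td class=colhead align=left>Status</td>" . "<td class=colhead align=left>Enabled</td>" . "<td class=colhead>pR</td>" . "<td class=colhead>pUL</td>" . "<td class=colhead>pDL</td>" . "<td class=colhead>History</td></tr>";

        // Stored account fields (username, email, IP, ...) are shown to staff here, so
        // they are HTML-escaped on output. Passing ISO-8859-1 makes the call
        // byte-transparent: only the ASCII specials are rewritten, whatever charset the
        // site serves, and no value is blanked because of an encoding mismatch.
        $html_charset = 'ISO-8859-1';

        while ($user = mysql_fetch_array($res)) {
            if ($user['added'] == '0000-00-00 00:00:00')
                $user['added'] = '---';
            if ($user['last_access'] == '0000-00-00 00:00:00')
                $user['last_access'] = '---';

            // The id is concatenated into the per-row queries and links below
            $uid = (int) $user['id'];

            if ($user['ip']) {
                $ip_html = htmlspecialchars($user['ip'], ENT_QUOTES, $html_charset);
                $nip = ip2long($user['ip']);
                $banned = false;
                // ip2long() returns false for a malformed stored address; skip the ban
                // lookup then instead of sending a broken query.
                if ($nip !== false) {
                    $auxres = mysql_query("SELECT COUNT(*) FROM bans WHERE $nip >= first AND $nip <= last") or sqlerr(__FILE__, __LINE__);
                    $array = mysql_fetch_row($auxres);
                    $banned = ($array[0] != 0);
                }
                if (!$banned)
                    $ipstr = $ip_html;
                else
                    $ipstr = "<a href='/testip.php?ip=" . urlencode($user['ip']) . "'><font color='#FF0000'><b>" . $ip_html . "</b></font></a>";
            } else
                $ipstr = "---";

            // Partial stats: totals over this user's rows in peers
            $auxres = mysql_query("SELECT SUM(uploaded) AS pul, SUM(downloaded) AS pdl FROM peers WHERE userid = " . $uid) or sqlerr(__FILE__, __LINE__);
            $array = mysql_fetch_array($auxres);

            $pul = $array['pul'];
            $pdl = $array['pdl'];

            // Forum posts, counted only in forums the current staff member may read
            $auxres = mysql_query("SELECT COUNT(DISTINCT p.id) FROM posts AS p LEFT JOIN topics as t ON p.topicid = t.id
      	LEFT JOIN forums AS f ON t.forumid = f.id WHERE p.userid = " . $uid . " AND f.minclassread <= " . $CURUSER['class']) or sqlerr(__FILE__, __LINE__);

            $n = mysql_fetch_row($auxres);
            $n_posts = $n[0];

            $auxres = mysql_query("SELECT COUNT(id) FROM comments WHERE user = " . $uid) or sqlerr(__FILE__, __LINE__);
            // Use LEFT JOIN to exclude orphan comments
            // $auxres = mysql_query("SELECT COUNT(c.id) FROM comments AS c LEFT JOIN torrents as t ON c.torrent = t.id WHERE c.user = '".$user['id']."'") or sqlerr(__FILE__, __LINE__);
            $n = mysql_fetch_row($auxres);
            $n_comments = $n[0];

            $username_html = htmlspecialchars($user['username'], ENT_QUOTES, $html_charset);
            $email_html = htmlspecialchars($user['email'], ENT_QUOTES, $html_charset);
            $added_html = htmlspecialchars($user['added'], ENT_QUOTES, $html_charset);
            $last_access_html = htmlspecialchars($user['last_access'], ENT_QUOTES, $html_charset);
            $status_html = htmlspecialchars($user['status'], ENT_QUOTES, $html_charset);
            $enabled_html = htmlspecialchars($user['enabled'], ENT_QUOTES, $html_charset);

            echo "<tr><td><b><a href='userdetails.php?id=" . $uid . "'>" . $username_html . "</a></b>" . get_user_icons($user) . "</td>" .
            // ($user["donor"] == "yes" ? "<img src=pic/star.gif alt=\"Donor\">" : "") .
            // ($user["warned"] == "yes" ? "<img src=\"/pic/warned.gif\" alt=\"Warned\">" : "") . "</td>
            "<td>" . ratios($user['uploaded'], $user['downloaded']) . "</td>
          <td>" . $ipstr . "</td><td>" . $email_html . "</td>
          <td><div align=center>" . $added_html . "</div></td>
          <td><div align=center>" . $last_access_html . "</div></td>
          <td><div align=center>" . $status_html . "</div></td>
          <td><div align=center>" . $enabled_html . "</div></td>
          <td><div align=center>" . ratios($pul, $pdl) . "</div></td>" . "<td><div align=right>" . prefixed($pul) . "</div></td>
          <td><div align=right>" . prefixed($pdl) . "</div></td>
          <td><div align=center>" . ($n_posts?"<a href=/userhistory.php?action=viewposts&id=" . $uid . ">$n_posts</a>":$n_posts) . "|" . ($n_comments?"<a href=/userhistory.php?action=viewcomments&id=" . $uid . ">$n_comments</a>":$n_comments) . "</div></td></tr>\n";
        }
        echo "</table>";
        if ($count > $perpage)
            echo "$pagerbottom";

        // The disabled form below would send the SQL FROM/WHERE fragment to the browser
        // in a hidden field and read it back on submit, where the client can change it.
        // If a mass-PM feature is wanted, rebuild the search on the server from the
        // search parameters instead of re-enabling this as it stands.
        /*
    <br><br>
    <form method=post action=/sendmessage.php>
      <table border="1" cellpadding="5" cellspacing="0">
        <tr>
          <td>
            <div align="center">
              <input name="pmees" type="hidden" value="<?echo $querypm?>" size=10>
              <input name="PM" type="submit" value="PM" class=btn>
              <input name="n_pms" type="hidden" value="<?echo $count?>" size=10>
            </div></td>
        </tr>
      </table>
    </form>
    */

    }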
}

// Page footer: the two menu strings (not set anywhere in this file), then the
// site footer, then stop.
echo "<p>" . $pagemenu . "<br>" . $browsemenu . "</p>";
stdfoot();
exit;

?>